In 2021, as enterprise security leaders look to better understand and tackle their organization’s risks as they relate to the COVID-19 pandemic, following this model can be helpful: designate a dedicated response team; analyze how risks have changed and what new types of risks there are; consider the appetite for taking risks and prioritize them. Here's how.
According to global risk consultancy Control Risks’ annual forecast of political and security risks, intended to help businesses prepare for the challenges next year will bring, there are a handful of important threats continuing into this year that all risk managers and security leaders should be aware of.
Picture this – in 20 minutes, one enterprising hacker at the 2012 Defcon conference in Las Vegas learned one Wal-Mart store’s physical logistics – from the janitorial contractor to where employees go to lunch – key details about the make and version numbers of the Wal-Mart manager’s PC, browser and anti-virus software, and got the manager to upload the address of an external website into his browser – no questions asked.
Utilizing the principles, standards and methodologies of ERM and/or ISO 31000 as the foundation of security programs is vital in order to transform your security program to holistically address the full scope of the risk, threat and hazard landscape that your organization faces today and into the future. Going forward, we will provide some insight into the concepts of ERM and why it is so important to utilize ERM as the foundation of your security program.
Risk appetite isn’t a term that comes up a lot in the security trade media. This is interesting, because understanding risk appetite is a crucial factor in developing acceptable security programs, communicating value, and aligning the function with the goals of the business — all of which are talked about in security circles all the time. So what is risk appetite?